
An Analysis of the Recent State-of-the-Art Attacks and Hacking Techniques and the Possible Countermeasures

By
Abstract
1.0 Introduction
2.0 Critical Discussion
2.1 Understanding IoT
2.2 Hacking Techniques Common With IoT Devices
2.2.1 Distributed Denial of Service (DDoS) Attack
2.2.2 Ransomware Attacks
2.3 Countermeasures Against IoT Attacks
3.0 Conclusion
References

Abstract

The increasing number of cyber attacks and hacking incidents has become a significant concern for organisations in recent years, particularly incidents involving IoT devices. This paper analyses some of the most common and impactful hacking techniques, namely botnet, distributed denial of service (DDoS) and ransomware attacks. Possible countermeasures are discussed, recognising that no single control prevents these attacks and that only a combination of them will prevent and dissuade attackers. These measures include regular penetration testing, strong password policies, regular patching and updating, network segmentation, intrusion prevention systems and restricted network and account privileges. Organisations that apply these measures together can better protect their digital assets and credentials from malicious actors.


1.0 Introduction

Cyber attacks have been on the rise despite growing technological advancement and awareness, with the global cost projected to hit $8 trillion in 2023 and $10.5 trillion by 2025 [1]. The increasing cost and sophistication of the attacks have made them a growing concern, especially as technology becomes an integral part of our lives.

This paper aims to analyse some of the recent cyber-attacks and hacking techniques employed by malicious actors and to explore possible ways to protect against data leaks and theft. The attacks and techniques examined are those associated with the vulnerability of Internet of Things (IoT) devices.

The analysis of these hacking techniques will help individuals and corporations better understand the tricks hackers use and how to counter them, possibly improving these devices and making them less susceptible to attack.

2.0 Critical Discussion

The United Kingdom is home to 286 million IoT devices, an average of 10.3 such devices in every household [2]. This is a 26% increase in the last three years, and the number is likely to keep growing with the population. The increasing presence of internet-enabled devices in homes has become a source of worry for cybersecurity experts, given how easily malicious actors can reach them remotely.

Given these figures, is the increased rate at which businesses suffer cyber attacks a coincidence? Thirty-nine per cent of businesses in the UK suffered a cyber attack in 2022, costing them £4,200 on average [3]. This number has climbed steadily since the turn of the decade, which also marked the beginning and acceptance of the work-from-home model. A survey by the British Chambers of Commerce and Cisco found that companies with more remote employees had a higher chance of being attacked [4].

The argument can be swung in many directions if every known factor is considered. However, weighing all of them would lead to analysis paralysis and defeat the purpose of this paper. So far, two main drivers of the steady climb in cybercrime have been raised: the growing presence of IoT devices in homes and the increased adoption of the work-from-home model.

These factors are complementary. More IoT devices in homes mean more points of entry for attackers, and more remote workers increase the chances of important work information being stolen, erased or modified by bad actors. Understanding how IoT works is essential to pinpointing the weaknesses in these devices that attackers exploit.

2.1 Understanding IoT

IoT is a network of devices whose primary purpose is to exchange data with other devices and systems over the internet. IoT devices are typically built from sensors, software and embedded systems. They are meant to interoperate with other devices regardless of differences in technology and manufacturer; otherwise they fail to live up to their name, "Internet of Things."

The data collected by an IoT device is usually uploaded to the vendor's remote servers, stored against the owner's account, and analysed there to improve the service the device renders. Depending on the device, the data it collects and the sensors it contains, the after-effects of an attack on it can be devastating for the user and owner: a compromised device exposes both the data and a foothold inside the home or office network. Common threats to IoT devices include data theft, spoofing, distributed denial of service (DDoS) attacks and phishing.


2.2 Hacking Techniques Common With IoT Devices

2.2.1 Distributed Denial of Service (DDoS) Attack

In a DDoS attack, many machines flood a target with more traffic than it can handle, much as a virus overwhelms an immune system en masse until it succumbs. IoT devices feature in these attacks not as the target but as the weapon: the attacker first compromises a large number of them and then directs them to flood the victim's servers or network until the service breaks down and becomes practically unusable [5].

A botnet is a set of compromised devices that run malware under the attacker's control. The malware on each infected device scans for further reachable devices and infects them, so the devices it finds soon become part of the botnet army. The most significant botnet attack in history is the Mirai attack of 2016.

Mirai spread by scanning the internet for IoT devices such as IP cameras, DVRs and home routers that ran Linux and exposed a Telnet service, then logging in with the factory-default usernames and passwords their owners had never changed. In October 2016 the botnet was used to flood the DNS provider Dyn; because Dyn resolved the domain names of large corporations such as Twitter, CNN and Netflix, their websites became collateral damage [6]. The impact of this event created an opportunity for bad actors and cybersecurity experts alike: Mirai's source code was released publicly, giving the former a whole new arsenal to work with and the latter a better understanding of the vulnerabilities within these devices.

2.2.2 Ransomware Attacks

Ransomware attacks have deleterious effects on organisations. Affected organisations never recover their data in about half of cases, and 4 in every 10 incidents directly affect employees, customers and partners [7]. This is why the vulnerability of IoT devices in workplaces and in the homes of remote workers should be treated as an emergency.

Ransomware often arrives through the same initial foothold that botnets use, a poorly secured device or an unpatched server, but the motive and intent of the attacker set it apart: rather than using the compromised machines to attack others, the attacker encrypts or steals the victim's own data and demands payment. A prominent example is the Hive ransomware. Hive is known to target businesses and corporate organisations [8], with a particular preference for healthcare organisations, where disruption directly affects patient care.

Hive has been used to attack organisations running Microsoft Exchange Server. One documented intrusion leveraged the pass-the-hash (PtH) technique. Windows NTLM authentication proves knowledge of a password using a hash of it, so an attacker who obtains a user's stored NTLM hash can log in as that user and pose as a legitimate user without ever learning the plaintext password; unlike other credential theft techniques, PtH requires only the stored hash [9]. Such attacks have become increasingly worrying because they abuse the single sign-on (SSO) behaviour that remote workers rely on: once a hash is cached on one machine, it is accepted by every other service on the network that trusts it.

In April 2022, a Hive affiliate gained access to an unpatched Exchange Server through the ProxyShell vulnerabilities, a chain of flaws in Exchange that allows remote code execution. They then used Mimikatz, a tool used by hackers and security experts alike to extract credentials from a system's memory [10], to steal the NTLM hash of a domain administrator account, the same hash Windows SSO reuses for authentication. With that hash, the attackers moved across the network, scanned the server for other weaknesses, collected more data and finally deployed the ransomware payload.
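The following added example (not part of the original paper, nor code from Mimikatz, Hive or Microsoft) shows why a stolen NTLM hash is as good as the password: the NT hash Windows stores is the MD4 of the UTF-16LE password, and the NTLMv2 challenge-response is computed from that hash alone, so a client holding only the hash produces a response byte-for-byte identical to one from a client that knows the password. The account name, domain, server challenge and client blob are constructed values, the blob is simplified to a fixed byte string rather than a full NTLMv2 structure, and MD4 is implemented inline because OpenSSL 3 often refuses hashlib.new('md4').

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, implemented here because OpenSSL 3 ships MD4 only as a
    'legacy' algorithm and hashlib.new('md4') is unavailable on many systems."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i, s in zip(range(16), [3, 7, 11, 19] * 4):          # round 1
            a = _rotl((a + F(b, c, d) + X[i]) & MASK, s)
            a, b, c, d = d, a, b, c
        for i, s in zip(r2, [3, 5, 9, 13] * 4):                  # round 2
            a = _rotl((a + G(b, c, d) + X[i] + 0x5A827999) & MASK, s)
            a, b, c, d = d, a, b, c
        for i, s in zip(r3, [3, 9, 11, 15] * 4):                 # round 3
            a = _rotl((a + H(b, c, d) + X[i] + 0x6ED9EBA1) & MASK, s)
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def ntlm_hash(password: str) -> bytes:
    """The NT hash Windows stores in the SAM / Active Directory: MD4 of the
    UTF-16LE password. This is what Mimikatz dumps from LSASS memory."""
    return md4(password.encode("utf-16le"))


def ntlmv2_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, client_blob: bytes) -> bytes:
    """NTLMv2 challenge-response as in MS-NLMP. Note the inputs: the NT hash,
    never the password. Whoever holds the hash can produce a valid response."""
    ntowf_v2 = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16le"),
                        hashlib.md5).digest()
    nt_proof = hmac.new(ntowf_v2, server_challenge + client_blob,
                        hashlib.md5).digest()
    return nt_proof + client_blob


def server_accepts(stored_nt_hash: bytes, user: str, domain: str,
                   server_challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the proof from the stored hash and compare."""
    proof, blob = response[:16], response[16:]
    expected = ntlmv2_response(stored_nt_hash, user, domain, server_challenge, blob)
    return hmac.compare_digest(expected[:16], proof)


def pass_the_hash_demo():
    """Constructed scenario: account CORP\\alice with password 'password'. The
    attacker has dumped the NT hash (as Mimikatz would) but not the password.
    Returns (legit_accepted, pass_the_hash_accepted, wrong_hash_accepted)."""
    user, domain = "alice", "CORP"
    stored = ntlm_hash("password")                 # what the server holds
    challenge = bytes.fromhex("0123456789abcdef")  # constructed; normally random per login
    blob = bytes.fromhex("0101000000000000") + b"\x00" * 8 + b"\x11" * 8 + b"\x00" * 4  # simplified
    legit = ntlmv2_response(ntlm_hash("password"), user, domain, challenge, blob)
    stolen = ntlmv2_response(stored, user, domain, challenge, blob)  # hash only, no password
    wrong = ntlmv2_response(ntlm_hash("guess"), user, domain, challenge, blob)
    return (server_accepts(stored, user, domain, challenge, legit),
            server_accepts(stored, user, domain, challenge, stolen),
            server_accepts(stored, user, domain, challenge, wrong))


if __name__ == "__main__":
    print("NT hash of 'password':", ntlm_hash("password").hex())
    print("legit, pass-the-hash, wrong-hash accepted:", pass_the_hash_demo())
```

The legitimate and pass-the-hash responses are identical bytes, which is why the server cannot tell them apart and why protecting the hash (Credential Guard, no local-admin reuse, least privilege) matters as much as protecting the password.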

2.3 Countermeasures Against IoT Attacks

There is no single way to stop IoT attacks. Instead, a suite of controls applied together is the practical way to protect these devices.

1. Regular Update and Patching: New software updates and patches are released regularly to close known vulnerabilities. Moreover, manufacturers often ship devices with firmware that is already out of date by the time it is unboxed. Devices should therefore be updated to remove known vulnerabilities before they are added to the network, and kept updated afterwards.

2. Network Segmentation: Because botnet malware spreads over the network to whatever devices it can reach, IoT devices should be kept on a separate network from the computers and servers holding sensitive information; this should be the default setup in homes and offices. Segmentation ensures that an infected device is isolated and cannot spread malware to, or attack, the rest of the network.

3. Strong Password: Using pet names, a spouse's date of birth or a favourite snack as a password is akin to leaving the back door open and hoping thieves ignore it; leaving a device's factory-default password in place is worse, since those defaults are published and were exactly what Mirai logged in with. Strong, unique passwords are expensive to break and will discourage attackers, and using multi-factor authentication alongside them raises the security of the network further.

4. Intrusion Prevention Systems: An intrusion prevention system (IPS) is a security tool that monitors and analyses network traffic for malicious activity [11]. Depending on how it is configured, it reports, prevents or blocks that activity.

Cybersecurity experts should adopt additional, proactive countermeasures for even better results. Two of these are:

1. Conduct regular penetration testing.

2. Limit network access and account privileges by implementing the principle of least privilege (POLP), privileged access management (PAM) and zero trust. This also blunts pass-the-hash: a hash stolen from one workstation is far less valuable when the account it belongs to has no administrative rights elsewhere.
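The checks below are an added example, not code from the paper or from any IPS product. They implement, in Python over constructed log lines, the two symptoms of a Mirai-style infection described in 2.2.1 that an intrusion prevention system (item 4 above) would act on: an internal device suddenly connecting to Telnet on many external hosts (it has become a scanner for the botnet), and an external source hammering a device's login with factory-default account names (it is trying to recruit the device). The log formats, the list of default account names and the thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real captures): a simplified flow export from a
# home router, "timestamp src dst dport", and a simplified Telnet login log from
# an IoT device, "timestamp src user result". 192.168.1.0/24 is the home LAN.
FLOW_LOG = """\
2023-05-01T10:00:01 192.168.1.20 203.0.113.5 443
2023-05-01T10:00:02 192.168.1.20 203.0.113.6 443
2023-05-01T10:00:03 192.168.1.31 198.51.100.1 23
2023-05-01T10:00:03 192.168.1.31 198.51.100.2 23
2023-05-01T10:00:04 192.168.1.31 198.51.100.3 2323
2023-05-01T10:00:04 192.168.1.31 198.51.100.4 23
2023-05-01T10:00:05 192.168.1.31 198.51.100.5 23
2023-05-01T10:00:05 192.168.1.31 198.51.100.6 23
2023-05-01T10:00:06 192.168.1.20 203.0.113.5 443
2023-05-01T10:30:00 192.168.1.40 203.0.113.9 23
"""
AUTH_LOG = """\
2023-05-01T11:00:00 198.51.100.7 root FAIL
2023-05-01T11:00:01 198.51.100.7 root FAIL
2023-05-01T11:00:01 198.51.100.7 admin FAIL
2023-05-01T11:00:02 198.51.100.7 root FAIL
2023-05-01T11:00:02 198.51.100.7 support FAIL
2023-05-01T11:05:00 192.168.1.2 alice OK
2023-05-01T11:06:00 192.168.1.2 alice FAIL
"""

TELNET_PORTS = {23, 2323}                                    # Mirai's scan targets
DEFAULT_USERS = {"root", "admin", "support", "user", "guest"}  # assumed factory accounts


def _ts(s):
    return datetime.fromisoformat(s)


def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples from the flow log."""
    return [(_ts(t), s, d, int(p))
            for t, s, d, p in (ln.split() for ln in text.splitlines() if ln.strip())]


def parse_auth(text):
    """Yield (timestamp, src, user, result) tuples from the login log."""
    return [(_ts(t), s, u, r)
            for t, s, u, r in (ln.split() for ln in text.splitlines() if ln.strip())]


def find_telnet_scanners(flows, window=timedelta(seconds=60), min_targets=5):
    """Return {src: distinct_targets} for hosts that contacted at least
    min_targets distinct hosts on Telnet ports within any window."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in TELNET_PORTS:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):            # window starting at each event
            best = max(best, len({d for t, d in events[i:] if t - t0 <= window}))
        if best >= min_targets:
            flagged[src] = best
    return flagged


def find_default_cred_bruteforce(auth, window=timedelta(seconds=60), min_failures=3):
    """Return {src: failures} for sources with at least min_failures failed
    logins against factory-default account names within any window."""
    per_src = defaultdict(list)
    for ts, src, user, result in auth:
        if result == "FAIL" and user in DEFAULT_USERS:
            per_src[src].append(ts)
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        best = 0
        for i, t0 in enumerate(times):
            best = max(best, sum(1 for t in times[i:] if t - t0 <= window))
        if best >= min_failures:
            flagged[src] = best
    return flagged


def ips_decisions():
    """What an IPS would do with these findings: quarantine an internal host
    that is scanning (probably infected) and block an external brute-forcer."""
    actions = []
    for src, n in find_telnet_scanners(parse_flows(FLOW_LOG)).items():
        actions.append(("quarantine", src, f"{n} Telnet targets in 60s"))
    for src, n in find_default_cred_bruteforce(parse_auth(AUTH_LOG)).items():
        actions.append(("block", src, f"{n} default-account login failures in 60s"))
    return sorted(actions)


if __name__ == "__main__":
    for action in ips_decisions():
        print(*action)
```

On the constructed data the camera at 192.168.1.31 is quarantined and 198.51.100.7 is blocked, while the laptop's HTTPS traffic and the single Telnet connection from 192.168.1.40 are left alone; on a segmented network the quarantine action is simply dropping the IoT VLAN's outbound Telnet at the gateway.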

3.0 Conclusion

As the world becomes more interconnected and reliant on technology, cyber-attacks are likely to continue to increase in frequency and complexity. Botnets and Ransomware-as-a-Service operations like Hive are just two of the many threats plaguing IT infrastructures today. Organisations must stay vigilant and proactive in protecting their digital assets and sensitive information from cyber threats.

This paper established that while bad actors may exploit a single mechanism, no single countermeasure is sufficient to deal with their attacks. Secure passwords may delay botnet and DDoS attacks, but if the organisation is unaware that its network has already been compromised, attackers will eventually gain the access they need. This is why good IT hygiene, education and awareness are critical in preventing such attacks. IoT attacks are becoming increasingly sophisticated, and because the data these devices collect lives on remote servers rather than in front of the owner, a compromise is often discovered late.

Organisations can still take steps to limit their exposure and protect their critical assets by regularly updating and patching the IoT devices within the office, segmenting IoT and PC networks, utilising intrusion prevention systems, implementing strong password policies and restricting network and account privileges.


References

1. Brooks, C. (n.d.). Cybersecurity Trends & Statistics For 2023; What You Need To Know. [online] Forbes. Available at: https://www.forbes.com/sites/chuckbrooks/2023/03/05/cybersecurity-trends--statistics-for-2023-more-treachery-and-risk-ahead-as-attack-surface-and-hacker-capabilities-grow/?sh=3f74fcf719db [Accessed 5 May 2023].

2. Office for National Statistics (n.d.). Families and households in the UK. [online] Available at: https://www.ons.gov.uk/peoplepopulationandcommunity/birthsdeathsandmarriages/families/bulletins/familiesandhouseholds/2019#main-points.

3. AAG IT Support (n.d.). The Latest Cyber Crime Statistics (updated March 2023). [online] Available at: https://aag-it.com/the-latest-cyber-crime-statistics/#:~:text=39%25%20of%20UK%20businesses%20reported.

4. Rogers, A. (n.d.). [online] British Chambers of Commerce. Available at: https://www.britishchambers.org.uk/media/get/Cisco%20infosheet%20Jan%202022.pdf.

5. Meneghello, F., Calore, M., Zucchetto, D., Polese, M. and Zanella, A. (2019). IoT: Internet of Threats? A survey of practical security vulnerabilities in real IoT devices. IEEE Internet of Things Journal, 6(5). doi: https://doi.org/10.1109/jiot.2019.2935189.

6. Cloudflare (n.d.). What is the Mirai Botnet? [online] Available at: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/.

7. Keepit (n.d.). 79% of Organizations Had a Ransomware Attack in the past Year. Are You Prepared? [online] Available at: https://www.keepit.com/blog/are-you-prepared-for-a-ransomware-attack/ [Accessed 5 May 2023].

8. CrowdStrike (n.d.). 16 Ransomware Examples From Recent Attacks. [online] Available at: https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-examples/#:~:text=16.%20Hive [Accessed 6 May 2023].

9. CrowdStrike (n.d.). What is a Pass-the-Hash Attack? [online] Available at: https://www.crowdstrike.com/cybersecurity-101/pass-the-hash/.

10. SentinelOne (n.d.). What is Mimikatz? [online] Available at: https://www.sentinelone.com/cybersecurity-101/mimikatz/#:~:text=Mimikatz%20is%20a%20tool%20that.

11. VMware (2022). What is Intrusion Prevention System? VMware Glossary. [online] Available at: https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html#:~:text=What%20is%20an%20intrusion%20prevention.
